Building a Mock Registration MDS for your 1.2.0.x MOSIP Setup
Pre-requisites
MOSIP 1.2.0.x setup with the Partner Management Portal deployed
The CA certificate utility to create the device partner certificates
The CA_CERT_UTILITY is a certificate creation utility that uses shell script commands, executed sequentially, to generate valid certificates. On Linux machines, running the script is easy; Windows machines need either Git or the OpenSSL application installed.
Steps
Please update all the URLs as per your environment
Step 1: Create a “Device Partner” using the Partner Management Portal: https://pmp.dev.mosip.net/
“Organization Name” is also required while creating the partner certificate, hence please be careful in providing the Organization Name while creating the partner as well as certificates.
Step 2: Create Mock CA, Sub CA and Partner Certificates using the CA Certificate Utility
Run “create-certs.sh”
Sequentially create the certificates for CA, SUBCA and Partner (also known as client)
Step 3: After the completion of the above steps, the certificates are created in the same folder. The required certificate sheets are highlighted below.
Step 4: Steps to upload the above certificates in MOSIP.
Rename the below certificates
RootCA.crt → RootCA.cer
InternmediateCA.crt → InternmediateCA.cer
Client.crt → Client.cer
Log in to the partner management portal using the role “PARTNER_ADMIN” and navigate to “Upload CA Certificate”
Upload the RootCA.cer
Upload the InternmediateCA.cer
Login to the partner management portal using the credentials of the “Device Partner” created in Step 1 and upload the Client.cer in the Upload Certificate option
Step 5: Add the MOSIP signed certificate to the CA Cert Utility folder
Copy the text shown when you click on “View Certificate”
Open a new Notepad++ file and paste the data
Find all blank spaces and replace with \n with search mode as “Regular Expression” to make it a “crt” file
Name the file “mosip-signed.crt” and save it in the same directory as CA Cert Utility
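A scripted alternative to the manual find-and-replace in Step 5, given here as an added example that is not part of the CA_CERT_UTILITY or the original page. It assumes the copied certificate text arrives on one line with spaces where the line breaks were. It keeps the BEGIN/END marker lines whole (they contain a space themselves), checks that the body is base64, and wraps the body at 64 columns. The function name pem_rewrap is hypothetical.

```shell
#!/bin/sh
# Added example (not from the CA_CERT_UTILITY): rebuild a PEM certificate from
# text copied out of "View Certificate". Assumption: the copy arrives on one
# line, with spaces where the line breaks were.

# pem_rewrap: flattened PEM text on stdin -> well-formed PEM on stdout.
# Returns 1 if the markers are missing or the body is not base64.
pem_rewrap() (
    begin='-----BEGIN CERTIFICATE-----'
    end='-----END CERTIFICATE-----'
    # Normalise CR, LF and tabs to spaces so one pattern covers every paste.
    text=$(tr -d '\r' | tr '\n\t' '  ')
    case "$text" in
        *"$begin"*"$end"*) ;;
        *) echo "pem_rewrap: BEGIN/END CERTIFICATE markers not found" >&2
           return 1 ;;
    esac
    # Keep only what lies between the markers, then drop the spaces in it.
    body=${text#*"$begin"}
    body=${body%%"$end"*}
    body=$(printf '%s' "$body" | tr -d ' ')
    # The body must be pure base64 with at most two '=' of padding at the end.
    if ! printf '%s\n' "$body" | LC_ALL=C grep -Eq '^[A-Za-z0-9+/]+={0,2}$'; then
        echo "pem_rewrap: certificate body is not base64" >&2
        return 1
    fi
    # Marker lines are written whole; only the body is wrapped at 64 columns.
    printf '%s\n' "$begin"
    printf '%s\n' "$body" | fold -w 64
    printf '%s\n' "$end"
)
```

Usage: pem_rewrap < pasted.txt > mosip-signed.crt, where pasted.txt is a hypothetical file holding the copied text. Running openssl x509 -in mosip-signed.crt -noout -subject -issuer afterwards confirms that the result parses as a certificate.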
Step 6: Generate Device.p12 file
Run “create-device-keystore.sh” and enter values as below,
On Windows, create-device-keystore.sh may not work. You will need OpenSSL or Git installed to run this script. Follow these steps to install OpenSSL and run the create-device-keystore.sh commands on Windows:
Install OpenSSL 1.1.1 (64-bit)
Browse to the installation directory
Click on Win64 OpenSSL Command Prompt, run as Administrator
Open “create-device-keystore.sh” in a text editor
Copy and paste commands line by line in the OpenSSL cmd prompt
cd <path to CA_CERT_UTILITY>
openssl genrsa -out Device.key 4096
openssl req -new -key Device.key -out Device.csr
openssl x509 -req -extensions usr_cert -extfile D:\MOSIP\Reference\CA_CERT_UTILITY\openssl.cnf -days 365 -in Device.csr -CA D:\MOSIP\Reference\CA_CERT_UTILITY\mosip-signed.crt -CAkey D:\MOSIP\Reference\CA_CERT_UTILITY\Client.key -set_serial 05 -out signed-Device.crt
openssl pkcs12 -export -in signed-Device.crt -inkey Device.key -out Device.p12 -name "Device"
Once all Certificates are created, you will find a list of files in the same directory below
Step 7: Setting up the Mock Registration MDS
Download the latest mock MDS .zip from the URL: https://github.com/mosip/mosip-mock-services/tree/master
Place the device certificates created in the certificate paths as highlighted below in the mock MDS:
Modify the “application.properties” file as below after the certificates are placed.
Make the below changes in the “application.properties” file.
Build the MDS in the command prompt in the same directory where the pom file exists
Run “mvn clean install”